Checkpoint.AspNetCore 0.3.2

There is a newer version of this package available.
See the version list below for details.

dotnet add package Checkpoint.AspNetCore --version 0.3.2

NuGet\Install-Package Checkpoint.AspNetCore -Version 0.3.2

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Checkpoint.AspNetCore" Version="0.3.2" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Checkpoint.AspNetCore" Version="0.3.2" />
                    

                            Directory.Packages.props

<PackageReference Include="Checkpoint.AspNetCore" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Checkpoint.AspNetCore --version 0.3.2

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Checkpoint.AspNetCore, 0.3.2"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Checkpoint.AspNetCore@0.3.2

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Checkpoint.AspNetCore&version=0.3.2
                    

                            Install as a Cake Addin

#tool nuget:?package=Checkpoint.AspNetCore&version=0.3.2
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

ASP.NET Core middleware for AI agent detection and policy enforcement. Drop-in middleware that detects AI agents, enforces policies from the Checkpoint dashboard, and blocks/redirects automated traffic. The .NET equivalent of @kya-os/checkpoint-express.

Product	Compatible and additional computed target framework versions.
.NET	net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Product

.NET

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net8.0
- Checkpoint.Core (>= 0.3.2)

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Checkpoint.AspNetCore:

Package	Downloads
KyaOs.Checkpoint AI agent detection and policy enforcement for any .NET HTTP server. Install this metapackage and NuGet automatically pulls in the right adapter for your runtime: Checkpoint.AspNetCore on modern .NET (ASP.NET Core 6+), or Checkpoint.AspNet on classic .NET Framework 4.6.2+ (System.Web / IIS). Same WASM-backed Rust detection engine on both stacks — same patterns, same scoring, same updates.	1.3K

Package

Downloads

KyaOs.Checkpoint

AI agent detection and policy enforcement for any .NET HTTP server. Install this metapackage and NuGet automatically pulls in the right adapter for your runtime: Checkpoint.AspNetCore on modern .NET (ASP.NET Core 6+), or Checkpoint.AspNet on classic .NET Framework 4.6.2+ (System.Web / IIS). Same WASM-backed Rust detection engine on both stacks — same patterns, same scoring, same updates.

1.3K

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
0.4.0	82	4/22/2026
0.3.3	102	4/21/2026
0.3.2	114	4/21/2026
0.3.1	108	4/18/2026
0.3.0	108	4/18/2026
0.2.9	103	4/18/2026
0.2.8	105	4/17/2026
0.2.7	101	4/17/2026
0.2.6	97	4/17/2026
0.2.5	110	4/17/2026
0.2.4	125	4/17/2026
0.2.3	111	4/17/2026
0.2.2	109	4/15/2026
0.2.1	100	4/15/2026
0.2.0	101	4/15/2026
0.1.11	88	4/13/2026
0.1.10	134	4/10/2026
0.1.9	100	4/2/2026
0.1.8	102	3/31/2026
0.1.7	91	3/31/2026

0.3.2 — Send detectionClass with log-detection payload

Pre-0.3.2 middleware submitted detection events to
POST /api/v1/log-detection without a detectionClass field. The server
falls back to isAgent ? "ai_agent" : "human", which mis-stamped every
Googlebot, GPTBot, ClaudeBot, SemrushBot, etc. hit as an interactive
AI agent. One hardwareworld.com test window produced 325,056 such
mis-classified rows under source="middleware" in 72 hours.

The detector already produces the correct class in
DetectionResult.DetectionClass. The gap was purely transport — the
DetectionEvent DTO and log-detection payload both dropped the field.
This release closes the gap:

* DetectionEvent gains a nullable DetectionClass property
(Checkpoint.Core). Nullable preserves binary compat for any caller
that constructs the DTO manually.
* CheckpointApiClient.TryReportToLogDetectionAsync now emits
detectionClass in the JSON payload via a wire mapping:
Human -> "human", AiAgent -> "ai_agent", Bot -> "bot",
IncompleteData/Unknown -> "incomplete_data". Null omits the field so
the server's UA-pattern fallback still applies for older callers.
* Both middlewares pass result.DetectionClass through to the
DetectionEvent — CheckpointMiddleware (AspNetCore, net8.0) and
CheckpointModule (AspNet, net462) share the same wiring.

Covers all four packages — Checkpoint.Core, Checkpoint.AspNet,
Checkpoint.AspNetCore, and the KyaOs.Checkpoint umbrella.

9 new tests:
* Checkpoint.Core.Tests/Api/CheckpointApiClientPayloadTests (7) —
per-enum wire assertions + null-omitted + endpoint URL.
* Checkpoint.AspNetCore.Tests/Middleware (2) — bot and AI-agent
DetectionClass pass-through from detector to DetectionEvent.

Follow-up (out of this release): harden the server fallback at
apps/web/app/api/v1/log-detection/route.ts so older clients that still
omit the field are classified via UA pattern instead of defaulted to
ai_agent.

0.3.1 — Block/Instruct response no longer leaks bad McpServerUrl

Follow-up to 0.3.0. The redirect branches in 0.3.0 correctly refused to
302 to a relative or non-http(s) McpServerUrl, but the block-response
body (PlainText "MCP Server: /connect/x" line, JSON "mcp_server" field)
and Instruct response still propagated the bad URL to the agent. An LLM
fetcher would relay the broken instructions to the user verbatim.

Changes:
* WritePlainTextResponseAsync (AspNetCore): McpServerUrl is gated through
UrlHelpers.IsAbsoluteHttpUrl — relative / non-http values are dropped
from the body and the agent gets the "contact site owner" fallback.
* WriteJsonResponseAsync (AspNetCore) + WriteBlockedJsonResponse (AspNet):
the "mcp_server" / "mcpServer" field is omitted (along with the
"instructions" sentence) when McpServerUrl is not an absolute http(s)
URL.
* WriteJsonResponseAsync + WriteInstructResponseAsync (AspNetCore):
switched from WriteAsJsonAsync to JsonSerializer.Serialize +
response.WriteAsync. The streaming serializer requires the response
body PipeWriter to implement UnflushedBytes, which TestServer's pipe
writer doesn't — every JSON-mode test in the AspNetCore suite was
silently throwing into FailOpen and falling through to the route
handler. Buffering matches what the AspNet adapter already does, and
resolves the four pre-existing test failures inherited from earlier
releases.

7 new tests in CheckpointMiddlewareTests covering Json/PlainText
McpServerUrl omission across path-relative, schemeless, protocol-relative,
javascript:, and ftp:// inputs. AspNetCore suite now 20/20 green
(was 9/13).